Unpatched Systems: An Ethical Hacker's View
-
Upload
peter-wood -
Category
Technology
-
view
109 -
download
1
description
Transcript of Unpatched Systems: An Ethical Hacker's View
![Page 1: Unpatched Systems: An Ethical Hacker's View](https://reader036.fdocuments.us/reader036/viewer/2022062511/54c9207a4a7959873a8b45d7/html5/thumbnails/1.jpg)
Unpatched Systems
Peter WoodChief Executive Officer
First•Base Technologies
An Ethical Hacker’s View
![Page 2: Unpatched Systems: An Ethical Hacker's View](https://reader036.fdocuments.us/reader036/viewer/2022062511/54c9207a4a7959873a8b45d7/html5/thumbnails/2.jpg)
Slide 2 © First Base Technologies 2013
Who is Peter Wood?
Worked in computers & electronics since 1969
Founded First Base in 1989 (one of the first ethical hacking firms)
CEO First Base Technologies LLPSocial engineer & penetration testerConference speaker and security ‘expert’
Member of ISACA Security Advisory GroupVice Chair of BCS Information Risk Management and Audit GroupUK Chair, Corporate Executive Programme
FBCS, CITP, CISSP, MIEEE, M.Inst.ISPRegistered BCS Security ConsultantMember of ACM, ISACA, ISSA, Mensa
![Page 3: Unpatched Systems: An Ethical Hacker's View](https://reader036.fdocuments.us/reader036/viewer/2022062511/54c9207a4a7959873a8b45d7/html5/thumbnails/3.jpg)
Slide 3 © First Base Technologies 2013
Hacker thinking
• How does this work?
• What research is there out there?
• What’s happening under the covers?
• What happens if I do this?
• What happens if I ignore the instructions?
• What if I’m a “legitimate” user?
• Where are the weak points?
• Is there another way in?
![Page 4: Unpatched Systems: An Ethical Hacker's View](https://reader036.fdocuments.us/reader036/viewer/2022062511/54c9207a4a7959873a8b45d7/html5/thumbnails/4.jpg)
Slide 4 © First Base Technologies 2013
Missing Patches – Where?
• Internet facing systems- Operating systems, web servers, applications
• Internal servers- Operating systems, databases, applications
• Workstations & Laptops- Operating systems, browsers, applications
• Smartphones, iPads, etc.- Operating systems, browsers, apps
![Page 5: Unpatched Systems: An Ethical Hacker's View](https://reader036.fdocuments.us/reader036/viewer/2022062511/54c9207a4a7959873a8b45d7/html5/thumbnails/5.jpg)
Slide 5 © First Base Technologies 2013
![Page 6: Unpatched Systems: An Ethical Hacker's View](https://reader036.fdocuments.us/reader036/viewer/2022062511/54c9207a4a7959873a8b45d7/html5/thumbnails/6.jpg)
Slide 6 © First Base Technologies 2013
The Attackers
• Attacks may be external or internal• Attacks are not limited to ‘hackers’• Attacks can be manual or automated
![Page 7: Unpatched Systems: An Ethical Hacker's View](https://reader036.fdocuments.us/reader036/viewer/2022062511/54c9207a4a7959873a8b45d7/html5/thumbnails/7.jpg)
Slide 7 © First Base Technologies 2013
![Page 8: Unpatched Systems: An Ethical Hacker's View](https://reader036.fdocuments.us/reader036/viewer/2022062511/54c9207a4a7959873a8b45d7/html5/thumbnails/8.jpg)
Slide 8 © First Base Technologies 2013
Unpatched FTP
![Page 9: Unpatched Systems: An Ethical Hacker's View](https://reader036.fdocuments.us/reader036/viewer/2022062511/54c9207a4a7959873a8b45d7/html5/thumbnails/9.jpg)
Slide 9 © First Base Technologies 2013
Unpatched Sendmail
![Page 10: Unpatched Systems: An Ethical Hacker's View](https://reader036.fdocuments.us/reader036/viewer/2022062511/54c9207a4a7959873a8b45d7/html5/thumbnails/10.jpg)
Slide 10 © First Base Technologies 2013
Unpatched Router
SNMP Read-Write strings revealed.Now we have full control of this device
![Page 11: Unpatched Systems: An Ethical Hacker's View](https://reader036.fdocuments.us/reader036/viewer/2022062511/54c9207a4a7959873a8b45d7/html5/thumbnails/11.jpg)
Slide 11 © First Base Technologies 2013
‘Root’ on a UNIX Host
Drag and drop an exploit on the target host
Now we have ‘root’ and control the file system
![Page 12: Unpatched Systems: An Ethical Hacker's View](https://reader036.fdocuments.us/reader036/viewer/2022062511/54c9207a4a7959873a8b45d7/html5/thumbnails/12.jpg)
Slide 12 © First Base Technologies 2013
‘System’ on a Windows Host
Drag and drop an exploit on the target host
Now we have ‘system’ and control the file system
![Page 13: Unpatched Systems: An Ethical Hacker's View](https://reader036.fdocuments.us/reader036/viewer/2022062511/54c9207a4a7959873a8b45d7/html5/thumbnails/13.jpg)
Slide 13 © First Base Technologies 2013
Consequences of Missing Patches
• Information theft- Reputational loss- Loss of competitive advantage- Legal action
• Malware infection- Remediation costs- Participation in botnet
• Unauthorised control of systems- Corporate espionage- Corruption of information
• Denial of service- Loss of revenue- Remediation costs
![Page 14: Unpatched Systems: An Ethical Hacker's View](https://reader036.fdocuments.us/reader036/viewer/2022062511/54c9207a4a7959873a8b45d7/html5/thumbnails/14.jpg)
Slide 14 © First Base Technologies 2013
Peter WoodChief Executive Officer
First Base Technologies LLP
http://firstbase.co.ukhttp://white-hats.co.ukhttp://peterwood.com
Twitter: peterwoodx
Need more information?